The Reserve Bank during 2023-24 sustained its endeavour towards providing secure, accessible, affordable and efficient payment systems for every user of the country. The Reserve Bank also explored avenues for expanding the global outreach of Unified Payments Interface (UPI) and RuPay cards. The Reserve Bank remained steadfast in its efforts to ensure robust and secured Information and Communication Technology (ICT) infrastructure for smooth functioning of IT systems and applications in the Reserve Bank. IX.1 Efficient payment and settlement systems foster economic development, promote financial stability and support financial inclusion. Ensuring safe and efficacious payment systems has been one of the important strategic goals of the Reserve Bank. The Reserve Bank is increasingly becoming a catalyst of innovation in the payments’ ecosystem, while also addressing risks and challenges and ensuring that the benefits of advancements reach a wider segment of the population. The Reserve Bank explored the possibilities for increasing the global footprints of UPI and RuPay cards by engaging with the central banks of various countries. IX.2 The Department of Information Technology (DIT) persevered with its efforts towards developing a state-of-the-art ICT infrastructure in the Reserve Bank for smooth functioning of its in-house IT systems and applications. During the year, besides enhancements in e-Kuber and payment systems, several initiatives were undertaken towards revamping major internal software applications such as enterprise knowledge portal (EKP), Sarthi (electronic document management system/digital workflow application), and EKAMEV (single sign-on portal for the employees). IX.3 Against this backdrop, section 2 covers developments in payment and settlement systems during 2023-24 and an assessment of the implementation status of the agenda for 2023-24. Section 3 provides various measures undertaken by the DIT during the year vis-à-vis the agenda set for 2023-24. The agenda for 2024-25 is also discussed. The chapter has been summarised in section 4. 2. DEPARTMENT OF PAYMENT AND SETTLEMENT SYSTEMS (DPSS) IX.4 During the year, the DPSS launched initiatives in line with the Payments Vision Document 2025 across anchor goalposts of integrity, inclusion, innovation, and internationalisation. These measures were aimed at enhancing the payments ecosystem and fostering a regulatory environment conducive to the growth of payment systems (Box IX.1). Payment Systems IX.5 The payment and settlement systems1 recorded a growth of 44 per cent in terms of transaction volume during 2023-24 on top of the expansion of 57.8 per cent in the previous year (Table IX.1). In value terms, the growth was 15.8 per cent in 2023-24 as against 19.2 per cent in the previous year, with moderation in growth rate of both retail and large value payment system [viz., real time gross settlement (RTGS)]. The share of digital transactions in the total volume of non-cash retail payments increased marginally to 99.8 per cent during 2023-24 from 99.6 per cent in the previous year. Box IX.1 Enhancements in UPI to Facilitate User Access and Convenience UPI, with its ease of usage, safety and security, and real-time feature, has transformed the digital payments ecosystem in India. A fast payment system like UPI with features like instant transfer of funds (24X7), use of virtual payment address, facilitation of peer-to-peer (P2P) and peer-to-merchant (P2M) transactions is immensely useful to the users. The steady stream of innovations has enhanced its usefulness and ease of use, which has resulted in UPI becoming the single largest retail payment system in terms of volume of transactions. The Reserve Bank has supported addition of many new features in UPI to enrich product offering - for instance, UPI123Pay, UPI Lite on-device wallet, linking RuPay credit cards to UPI, and processing mandates with single-block-and-multiple-debits. Continuing this trend, the following new enhancements were introduced in UPI during 2023-24: -
An innovative payment mode, viz., ‘Conversational Payments’ was enabled in UPI to allow users to engage in conversation with an artificial intelligence (AI)-powered system to initiate and complete transactions in a safe and secure environment. This channel is made available in both smartphones and feature phones-based UPI channels to deepen digital penetration in the country; -
UPI Lite on-device wallet has been gaining traction and currently processes more than 10 million transactions a month. To promote the use of UPI-Lite, offline transactions using near field communication (NFC) technology were also enabled. This feature not only allows retail digital payments in situations where internet/telecom connectivity is weak or not available, but also ensures faster transactions, with minimal rejections; and -
The scope of UPI was expanded by enabling transfer to/from pre-sanctioned credit lines at banks in addition to deposit accounts. In other words, UPI network will facilitate payments financed by credit from banks. This can reduce the cost of such offerings and help in development of unique products for Indian markets. Such innovations on an ongoing basis have facilitated the expansion of usage and user base of UPI and enabled the provision of digital payment instruments as ‘public goods.’ | Digital Payments IX.6 Among the digital modes of payments, RTGS transactions increased by 11.3 per cent during 2023-24 in volume terms and 14 per cent in value terms. The volume and value of retail transactions increased by 44.1 per cent and 20.1 per cent, respectively (Table IX.1). As at end-March 2024, RTGS services were available through 1,70,855 IFSCs2 of 247 member banks, while NEFT services were available through 1,72,290 IFSCs of 233 member banks. IX.7 Payments Infrastructure Development Fund (PIDF) substantially aided the growth in digital payments during the year by subsidising deployment of Point of Sale (PoS)/mobile PoS (mPoS) terminals, interoperable Quick Response (QR) infrastructure, Aadhaar enabled biometric devices, and other contemporary devices. It has improved the availability of acceptance infrastructure, especially in Tier III to Tier VI centres. During 2023-24, the number of PoS terminals increased by 14.3 per cent to 89.0 lakh, while the number of Bharat QR (BQR) codes deployed increased by 16.1 per cent to 62.5 lakh. UPI QR codes increased by 35.0 per cent to 34.6 crore as at end-March 2024. Table IX.1: Payment System Indicators - Annual Turnover (April-March) | Item | Volume (lakh) | Value (₹ lakh crore) | 2021-22 | 2022-23 | 2023-24 | 2021-22 | 2022-23 | 2023-24 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | A. Settlement Systems | | | | | | | CCIL Operated Systems | 33 | 41 | 43 | 2,068.7 | 2,588.0 | 2,592.1 | B. Payment Systems | | | | | | | 1. Large Value Credit Transfers - RTGS | 2,078 | 2,426 | 2,700 | 1,286.6 | 1,499.5 | 1,708.9 | Retail Segment (2 to 6) | | | | | | | 2. Credit Transfers | 5,77,935 | 9,83,621 | 14,86,107 | 427.3 | 550.1 | 675.4 | 2.1 AePS (Fund Transfers) | 10 | 6 | 4 | 0.006 | 0.004 | 0.003 | 2.2 APBS | 12,573 | 17,834 | 25,888 | 1.3 | 2.5 | 3.9 | 2.3 ECS Cr | - | - | - | - | - | - | 2.4 IMPS | 46,625 | 56,533 | 60,053 | 41.7 | 55.9 | 65.0 | 2.5 NACH Cr | 18,758 | 19,257 | 16,227 | 12.8 | 15.4 | 15.3 | 2.6 NEFT | 40,407 | 52,847 | 72,640 | 287.3 | 337.2 | 391.4 | 2.7 UPI | 4,59,561 | 8,37,144 | 13,11,295 | 84.2 | 139.1 | 200.0 | 3. Debit Transfers and Direct Debits | 12,189 | 15,343 | 18,250 | 10.3 | 12.9 | 16.9 | 3.1 BHIM Aadhaar Pay | 228 | 214 | 194 | 0.1 | 0.1 | 0.1 | 3.2 ECS Dr | - | - | - | - | - | - | 3.3 NACH Dr | 10,755 | 13,503 | 16,426 | 10.3 | 12.8 | 16.8 | 3.4 NETC (Linked to Bank Account) | 1,207 | 1,626 | 1,629 | 0.02 | 0.03 | 0.03 | 4. Card Payments | 61,783 | 63,325 | 58,470 | 17.0 | 21.5 | 24.2 | 4.1 Credit Cards | 22,399 | 29,145 | 35,610 | 9.7 | 14.3 | 18.3 | 4.2 Debit Cards | 39,384 | 34,179 | 22,860 | 7.3 | 7.2 | 5.9 | 5. Prepaid Payment Instruments | 65,783 | 74,667 | 78,775 | 2.8 | 2.9 | 2.8 | 6. Paper-based Instruments | 6,999 | 7,109 | 6,632 | 66.5 | 71.7 | 72.1 | Total Retail Payments (2+3+4+5+6) | 7,24,689 | 11,44,065 | 16,48,234 | 523.9 | 659.1 | 791.5 | Total Payments (1+2+3+4+5+6) | 7,26,767 | 11,46,491 | 16,50,934 | 1,810.5 | 2,158.6 | 2,500.4 | Total Digital Payments (1+2+3+4+5) | 7,19,768 | 11,39,382 | 16,44,302 | 1,744.0 | 2,086.8 | 2,428.2 | CCIL : Clearing Corporation of India Ltd. AeP : Aadhaar Enabled Payment System. Cr : Credit. APBS : Aadhaar Payment Bridge System. ECS : Electronic Clearing Service. Dr : Debit. IMPS : Immediate Payment Service. NACH : National Automated Clearing House. - : Nil/Negligible. NEFT : National Electronic Funds Transfer. BHIM : Bharat Interface for Money. NETC : National Electronic Toll Collection. Note: 1. RTGS system includes customer and inter-bank transactions only. 2. Settlements of government securities and forex transactions are through the CCIL. Government securities include outright trades and both legs of repo transactions and triparty repo transactions. 3. Figures for cards are for payment transactions at Point of Sale (PoS) terminals and online. 4. Figures in the columns might not add up to the total due to rounding off of numbers. Source: RBI. | Authorisation of Payment Systems IX.8 During the year, the Reserve Bank accorded Certificate of Authorisation to 22 online Payment Aggregators (PAs), two non-bank Prepaid Payment Instrument (PPI) issuers and one Trade Receivables Discounting System (TReDS) platform operator, besides granting in-principle authorisation to a few other online PAs, PPIs, one white label ATM (WLA) operator and one TReDS platform operator. Moreover, during the year, the Reserve Bank granted approval to one bank for PPI issuance, two banks for operating as Bharat Bill Payment Operating Units (BBPOUs), and 52 banks for providing mobile banking facility to their customers (Table IX.2). In addition, guidelines have been prescribed to include PAs-Cross Border as well under the regulatory purview of the Reserve Bank. Table IX.2: Authorisation of Payment System Operators (PSOs) [end-March] | (Number) | Entities | 2023 | 2024 | 1 | 2 | 3 | A. Non-Banks – Authorised | | | PPI Issuers | 36 | 38 | Payment Aggregator (Online) | - | 22 | WLA Operators | 4 | 4 | Instant Money Transfer Service Providers | 1 | 1 | BBPOUs | 10 | 10 | TReDS Platform Operators | 3 | 4 | MTSS Operators | 8 | 8 | Card Networks | 5 | 5 | ATM Networks | 2 | 2 | B. Banks – Approved | | | PPI Issuers | 58 | 59 | BBPOUs | 44 | 46 | Mobile Banking Providers | 725 | 777 | ATM Networks | 3 | 3 | Note: 1. PSOs comprise PPI issuers, online payment aggregators (PAs-Online), cross-border money transfer service schemes (MTSS), WLA operators, TReDS platforms, ATM networks, instant money transfer service providers, card networks, BBPOUs and central counterparty (CCP), besides the CCIL and the National Payments Corporation of India (NPCI). 2. In addition, one non-bank entity has also been granted authorisation to operate as a CCP. Source: RBI. | Agenda for 2023-24 IX.9 The Department had set out the following goals for 2023-24: • Based on learnings from the internal assessment of the centralised payment systems (CPS), i.e., NEFT and RTGS, in compliance with principles for financial market infrastructure (PFMI) standards, a resilient framework prescribing standards, frequency and disclosures for the oversight of CPS would be formulated (Utkarsh 2.0) [Paragraph IX.10]; • The PIDF has received overwhelming support from the contributors (viz., the Reserve Bank, card networks and card issuing banks) and acquirers for deployment of payment acceptance infrastructure3. The implementation of the scheme threw up various innovative ideas and field level experiences. The feasibility of continuing the PIDF scheme would be explored (Utkarsh 2.0) [Paragraph IX.10]; • To enhance the payment experience further, the feasibility of real-time payee name validation before actual fund transfer would be explored (Paragraph IX.10); and • To continue with initiatives to enhance dissemination of granular data on payment systems to provide useful insights to stakeholders and facilitate research and further innovations in payment systems (Paragraph IX.10). Implementation Status IX.10 The Reserve Bank has formulated a standard operating procedure (SOP) for oversight of CPS, i.e., NEFT and RTGS, based on the learnings from the internal assessment of CPS in line with PFMI standards. As announced in the Statement on Developmental and Regulatory Policies (October 6, 2023), the PIDF scheme was extended by a period of two years, i.e., up to December 31, 2025. The Reserve Bank is working on the implementation of the ‘payee name look-up facility’ in compliance with newly enacted ‘The Digital Personal Data Protection Act, 2023’. The Reserve Bank is also working on enhancing coverage and granularity of published payment transaction data, which shall provide useful insights to stakeholders and facilitate research and further innovations in payment systems. Major Developments Integrity Regulation of Payment Aggregators - Cross Border (PAs - Cross Border) IX.11 PAs-Cross Border are entities that facilitate cross-border payment transactions for import and export of permissible goods and services in online mode. Keeping in view the developments that have taken place in cross-border payments, it was decided to bring all such entities under direct regulation of the Reserve Bank, and guidelines for the regulation of PAs-Cross Border were accordingly issued during the year. Creating a Common Corporate Governance Structure for RTGS and NEFT IX.12 A Standing Committee for management of CPS has been constituted for providing a structured forum for continuous dialogue with members to create a common corporate governance structure for RTGS and NEFT systems. Card-on-File Tokenisation (CoFT)4 - Enabling Tokenisation Through Card Issuing Banks IX.13 The Reserve Bank permitted CoFT facilities directly through card issuing banks/institutions. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process. Cyber Resilience and Payment Security Controls of PSOs IX.14 The Reserve Bank placed ‘Draft Master Direction on Cyber Resilience and Payment Security Controls of PSOs’ on its website for comments. The document covers robust governance mechanisms for identification, analysis, monitoring and management of information security, including cyber security risks and vulnerabilities, and baseline security measures for ensuring safe and secure digital payment transactions. Arrangements with Card Networks for Issue of Credit Cards IX.15 The Reserve Bank asked card issuers (banks/non-banks), with 10 lakh or more active cards issued by them, not to enter into any arrangement or agreement with card networks that may limit their ability to tie-up with other card-networks. They were also mandated to provide the customers the facility to choose among multiple card networks. Amendments to Master Direction on PPIs IX.16 The Reserve Bank permitted authorised bank and non-bank PPI issuers to issue PPIs for mass transit systems (PPI-MTS) for making payments across various public transport systems. This will provide convenience, speed, affordability and safety of digital modes of payment to commuters for transit services. Self-Assessment of RTGS and NEFT Under Principles for Financial Market Infrastructures (PFMIs) IX.17 The centralised payment systems which include RTGS and NEFT, are owned and operated by the Reserve Bank. To enhance the robustness of the centralised payment systems, their self-assessment against the PFMIs was carried out in 2023-24. Such self-assessments will be carried out annually from 2023-24. Since RTGS is categorised as a financial market infrastructure, a public disclosure document for RTGS, based on the self-assessment, has been published on the Reserve Bank’s website. Innovation Interoperable Payment System for Internet Banking Transactions IX.18 Internet banking transactions processed through PAs are not interoperable, i.e., a bank is required to separately integrate with each PA of different online merchants. As a result, there are delays in actual receipt of payments by merchants, which may result in settlement risks. The Reserve Bank gave approval for implementing an interoperable payment system for internet banking transactions to NPCI Bharat BillPay Ltd. (NBBL). The new system will facilitate quicker settlement of funds for merchants. Financial Inclusion Expanding the Scope of TReDS IX.19 The Reserve Bank expanded the scope of activity in TReDS by permitting insurance for transactions, increasing the pool of financiers, and enabling secondary market for factoring units (FUs). This will improve the cash flows of MSMEs. Expanding the Scope and Reach of e-RUPI Vouchers IX.20 The Reserve Bank expanded the scope of e-RUPI vouchers by permitting non-bank PPI issuers to issue e-RUPI vouchers, enabling its issuance on behalf of individuals, and modifying other aspects like reloading of vouchers, authentication process, and issuance limits to facilitate use of e-RUPI vouchers. Streamlining Bharat Bill Payment System (BBPS) Processes and Membership Criteria IX.21 The Reserve Bank revised the regulatory framework for BBPS in view of significant developments that have taken place in this domain. This will streamline the process of bill payments, enable greater participation, and enhance customer protection, among other changes. Inclusion of Pradhan Mantri Vishwakarma Scheme Beneficiaries Under PIDF Scheme IX.22 The beneficiaries identified as part of the Pradhan Mantri Vishwakarma scheme across the country were included as merchants for deployment under the PIDF scheme. Other contemporary devices, viz., (i) soundbox devices and (ii) Aadhaar-enabled biometric devices, were also made eligible for subsidy under the scheme. The amount of subsidy for devices deployed in special focus areas, viz., North-Eastern states, and Union Territories of Jammu & Kashmir and Ladakh, was increased from 75 per cent to 90 per cent of the total cost, irrespective of the type of device, to further accelerate and augment the deployment of payment acceptance infrastructure. Processing of e-Mandates for Recurring Transactions IX.23 The Reserve Bank enhanced the limit for subsequent recurring transactions undertaken without additional factor of authentication, as prescribed in the e-mandate framework, from ₹15,000 to ₹1,00,000 per transaction for the following categories: (a) subscription to mutual funds, (b) payment of insurance premia, and (c) credit card bill payments. Enhancing UPI Transaction Limit for Specified Categories IX.24 The Reserve Bank enhanced the limit for UPI payments made to hospitals and educational institutions from ₹1 lakh to ₹5 lakh per transaction. Enhancing the Robustness of Aadhaar Enabled Payment System (AePS) IX.25 The Reserve Bank proposed to streamline the onboarding process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. In 2023, more than 37 crore users undertook AePS transactions, which points to the important role played by AePS in financial inclusion. Additional fraud risk management requirements will also be considered, which will enhance the robustness of the AePS. Merger of Grids Under Cheque Truncation System (CTS) IX.26 To promote efficient cheque processing, the Reserve Bank had undertaken to migrate CTS from an architecture of three regional grids to one national grid. The merger was completed on October 13, 2023. The merged grid has been named as National Grid Clearing House (NGCH) and the Reserve Bank, Chennai office, has been designated as the nodal office for management and oversight of the operations of the merged grid. The merger has improved liquidity efficiency of the system and has enabled rationalisation of cheque clearing infrastructure. After the merger, all cheques presented through the CTS are being processed as local cheques. Enhancing Public Awareness through Various Channels IX.27 The Reserve Bank has been conducting electronic banking awareness and training (e-BAAT) programmes regularly for the benefit of various strata of society across the country. During the year, 340 e-BAAT programmes were conducted by the regional offices of the Reserve Bank, in which safe usage of electronic payment systems, their benefits and grievance redressal mechanisms were explained to the participants. Digital Payments Awareness Week 2024 IX.28 The Reserve Bank observed the Digital Payment Awareness Week during March 4-10, 2024 with the theme ‘Digital Payment, Surakshit Payment’ (‘Digital Payment, Safe Payment’) under the mission ‘Har Payment Digital’5. As part of the initiative, all regional offices of the Reserve Bank will start regional campaigns to convert market places like vegetable markets/mandis and public transport infrastructure like auto/taxis into digital payment enabled clusters in their chosen areas. Internationalisation Global Outreach of Payment Systems IX.29 The Payments Vision Document 2025 has outlined expanding the global outreach of UPI and RuPay cards as one of the key objectives under the internationalisation pillar. The Reserve Bank is in talks with central banks of various countries for entering into collaborative arrangements. IX.30 In July 2023, the Reserve Bank and the Central Bank of the UAE (CBUAE) signed a memorandum of understanding (MoU) for interlinking their payments infrastructure. Under this MoU, the two central banks agreed, inter alia, to cooperate on linking their Fast Payment Systems [UPI of India with Instant Payment Platform (IPP) of UAE called Aani] and for linking their respective Card Switches (RuPay switch and UAESWITCH). IX.31 In February 2024, RuPay cards and UPI connectivity between India and Mauritius was launched. With this connectivity, an Indian traveller to Mauritius will be able to pay a merchant in Mauritius using UPI apps. Similarly, a Mauritian traveller will be able to do the same in India using the instant payment system apps of Mauritius. Further, with the adoption of RuPay technology, the Mauritius Central Automated Switch (MauCAS) card scheme will enable banks in Mauritius to issue RuPay cards domestically. Such cards can be used at ATMs and PoS terminals locally in Mauritius as well as in India. With this, Mauritius has become the first country outside Asia to issue cards using RuPay technology. IX.32 In February 2024, UPI connectivity between India and Sri Lanka was launched. This connectivity has enabled Indian travellers to make QR code-based payments at merchant locations in Sri Lanka using UPI apps. IX.33 The Reserve Bank and Nepal Rastra Bank are actively exploring the linkage of UPI platform of India and National Payments Interface of Nepal for enabling cross-border payments. In June 2023, NPCI International Payments Ltd. (NIPL) and Nepal Clearing House Ltd. (NCHL) signed a MoU for the purpose. Other Initiatives Digital Payments Index (DPI) IX.34 The Reserve Bank had constructed a composite DPI in 2021 to capture the extent of digitisation of payments across the country. The RBI-DPI index is computed semi-annually and has demonstrated significant growth, representing rapid adoption and deepening of digital payments across the country. The DPI increased by 10.9 per cent to 418.8 in September 2023 from 377.5 in September 2022 (Chart IX.1). Inspection of PSOs IX.35 Under Section 16 of the Payment and Settlement Systems Act, onsite inspections of 49 entities, viz., one retail payment organisation [NPCI which includes NPCI Bharat BillPay Ltd. (NBBL), RuPay Cards, and NPCI International Payments Ltd. (NIPL)], 29 non-bank PPI issuers, four WLA operators (WLAOs), 10 BBPOUs, one card network, two TReDS platform providers, one ATM network provider, and one entity facilitating instant money transfer (IMT) were carried out by the Reserve Bank during 2023-24. The Department undertook enforcement action against one PSO for contraventions/non-compliance of directions issued by the Reserve Bank. Developments in CCIL IX.36 The Reserve Bank and the Bank of England (BoE) signed a MoU on December 1, 2023, concerning cooperation and exchange of information in relation to CCIL. The MoU establishes a framework for BoE to place reliance on the Reserve Bank’s regulatory and supervisory activities while safeguarding United Kingdom’s (UK’s) financial stability. The MoU also demonstrates the importance of cross-border cooperation to facilitate international clearing activities and BoE’s commitment to defer to other regulators’ regimes, besides confirming the interests of both the authorities in enhancing cooperation in line with their respective laws and regulations. It also enables BoE to assess the application of CCIL for recognition as a third country CCP, which is a pre-requisite for UK-based banks to clear transactions through CCIL. Pursuant to the signing of the MoU on December 15, 2023, BoE provided recognition to CCIL. Agenda for 2024-25 IX.37 In 2024-25, the Department will focus on the following goals: -
The Central Payments Fraud Information Registry (CPFIR) reporting will be extended to local area banks, state cooperative banks, district cooperative banks, regional rural banks (RRBs) and non-scheduled urban cooperative banks (UCBs) for payment fraud reporting (Utkarsh 2.0); -
Presently, CTS has two settlements, one for presentation session and other for return session. Under on-realisation model, a single settlement would be arrived at after closure of return session for net position of each bank. This is expected to improve liquidity efficiency of the CTS; -
In light of goals for Viksit Bharat 2047, the Reserve Bank, along with NPCI International Payments Ltd. (NIPL) will work towards taking UPI to 20 countries with initiation timeline of 2024-25 and completion timeline of 2028-29. Further, Fast Payment System (FPS) collaboration with group of countries like European Union and South Asian Association for Regional Cooperation (SAARC), as well as multilateral linkages will be explored; -
At present, the payments ecosystem (card networks/banks/PPI entities) has largely adopted SMS-based one-time password (OTP) as additional factor of authentication (AFA). However, with the advancements in technology, various innovative solutions are now available to address the fraud and friction in payments. Hence, an alternate risk-based authentication mechanism leveraging behavioural biometrics, location/ historical payments, digital tokens, and in-app notifications will be explored; and -
Presently, centralised payment systems (RTGS and NEFT) rely only on account number and IFSC for transfer of funds. With an aim to curb frauds and enhance the payment experience further, the introduction of real-time payee name validation before the actual fund transfer will be explored in compliance with newly enacted ‘The Digital Personal Data Protection Act, 2023’. 3. DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) IX.38 During the year, enhancements in e-Kuber and payment systems were carried out to meet the evolving business requirements like roll-out of central bank digital currency (CBDC), reversal of facilities under liquidity adjustment facility (LAF) and making NEFT compliant with ISO 20022 standards. With the objective of digital transformation of work culture in the Reserve Bank, the Department undertook a comprehensive revamp of major internal applications of the Reserve Bank, viz., Enterprise Knowledge Portal-Intranet (EKP); SWAGAT (access management system); Sarthi (electronic document management system); and SAMWAD (video conferencing system). EKAMEV - identity access management (IAM) and mobile device management (MDM) were also rolled-out during the year to enhance the cyber security posture in the Reserve Bank. IX.39 Best practices in cyber hygiene have been adopted to ensure the security of the Reserve Bank’s IT infrastructure, consisting of IT applications, systems, networks, devices and data, against cyber risks by adopting emerging technologies, state-of-the-art tools, and continuous monitoring of the controls. The Department continues to collaborate with the Indian Computer Emergency Response Team (CERT-In) and other government agencies like National Critical Information Infrastructure Protection Centre (NCIIPC). Based on the advisories issued by agencies, inputs from threat intelligence sources, and continuous risk assessment and monitoring, the security controls are being upgraded on an ongoing basis, thus elevating the defence against cyber threats. An extended six-month long cyber-security awareness drive across the Reserve Bank with the overarching theme of ‘Secure Our World’ has also been implemented. While the construction of the ‘Enterprise Computing and Cybersecurity Training Institute’ is under progress to foster a safe and responsible cyber culture within the Reserve Bank, 26 training programmes covering around 753 officers from various locations have been conducted till March 31, 2024. IX.40 Further, in line with the Payments Vision Document 2025, and in order to support the global outreach and expand the footprint of domestic payment systems, a Global Structured Financial Messaging System (SFMS) Hub project was initiated. This would further improve the efficiency of the Reserve Bank’s payment system. Agenda for 2023-24 IX.41 The Department had set out the following goals for 2023-24: -
The e-Kuber application interface with many important stakeholders including Government of India and state governments needs to be up to date with the latest technology architecture to match the evolving IT and financial landscape. The e-Kuber has been designated as a Critical Information Infrastructure (CII) by the NCIIPC. The upgraded e-Kuber shall employ latest technologies using application programming interfaces (APIs), microservices and containers, and was expected to be completed for implementation in 2023-24 (Utkarsh 2.0) [Paragraph IX.42]; -
The Reserve Bank has initiated the project to construct a new state-of-the-art greenfield next generation data centre to address the capacity expansion constraints, meet ever-increasing IT landscape needs and avoid region specific risks. The construction of the data centre has commenced and shall be in an advanced stage of completion in 2023-24 (Utkarsh 2.0) [Paragraph IX.43]; -
The Reserve Bank, in its continuous endeavour to update and upgrade India’s national payment systems, has planned to upgrade the RTGS system. This will include improvements in existing functionalities and introduction of several new functionalities supported by the RTGS. The upgraded RTGS will take care of the futuristic requirements like scalability, enhanced security and performance (Paragraph IX.44); and -
The Department will be enhancing the internal applications to facilitate a transformation towards digital modes and reducing dependence on manual and paper-based procedures in day-to-day work. Continuous improvements in Sarthi, a revamped EKP, improved visitor management system and development of a web interface for regulated entities to submit applications/requests has been planned, which will help bring about the digital transformation (Paragraph IX.45 – Paragraph IX.48). Implementation Status IX.42 With the vision of providing best-in-class and environment-friendly digital and physical infrastructure, the Department upgraded e-Kuber to e-Kuber 2.0 with the latest technology. All the participants are now using the upgraded version of e-Kuber online portal. The currency management module has also been upgraded and is in use by various offices of the Reserve Bank. Currency chest (CC) holding banks have also started using the upgraded currency chest portal for real-time reporting of CC related transactions. IX.43 The construction of the data centre has commenced with the laying of foundation stone by the Governor, Reserve Bank, on March 22, 2023. The core and shell construction of the data centre is in the advanced stage of completion. The project is expected to be completed within the stipulated timeline. IX.44 The Department updated and upgraded RTGS system during 2023-24 with new functionality like Foreign Contribution (Regulation) Act (FCRA) code introduction, improved and efficient automated message flow, among various nodes of RTGS. Apart from these, the security features of the system have been upgraded in terms of better user management control and compatibility with latest digital certificates issued by the certifying authority, viz., Institute for Development & Research in Banking Technology (IDRBT). IX.45 The Department undertook a comprehensive revamp of the EKP, with the new EKP being a state-of-the-art, interactive and collaborative intranet portal with enhanced user interface and employee engagement features. IX.46 With the enhanced access management system christened as ‘Seamless SWAGAT’, the Department is seeking to implement facial recognition for employee access management and QR code technology for visitor access management system. This technology is presently being developed on a pilot basis at the Reserve Bank’s central office building, Mumbai. This is expected to be rolled out gradually in phases, based on feedback and user experiences. IX.47 The password-less authentication project for internal users of the Reserve Bank was implemented in two phases. Phase I enabled password-less biometric (face/fingerprint) authentication for desktop login. Phase II is identity access management (IAM) solution christened as “EKAMEV”, a secure single sign-on (SSO) portal to enhance user experience and security, while accessing the Reserve Bank’s web applications by its internal users. IX.48 Continuous enhancements in Sarthi are also being undertaken to improve the user experience and a revamped Sarthi 2.0 is under implementation. Sarthi 2.0 will come out with a host of features, including improved user interface (UI)/user experience (UX), mobile responsiveness, knowledge repository functionality, and integration with Microsoft Office. Major Initiatives Central Bank Digital Currency (CBDC) IX.49 CBDC (e₹) has been implemented in both wholesale and retail pilot segments. The use cases of CBDC are still evolving. The Reserve Bank introduced another use case in the e₹-Wholesale (e₹-W) pilot in October 2023 for facilitating inter-bank call money trades using e₹. Presently, the existing inter-bank call money trades are settled using RTGS. However, with e₹-W, banks can settle the call money trades in real time in e-Kuber without involvement of RTGS application. Further, the balances of e₹-W were mirrored with NPCI in real time to facilitate migration of e₹-W to distributed ledger technology (DLT) platform. ‘Just-in-Time’ Release of Centrally Sponsored Schemes (CSS) Funds Through e-Kuber IX.50 The project of using e-Kuber platform for releasing funds under CSS by Department of Expenditure, Ministry of Finance, Government of India, was implemented, wherein e-Kuber is handling the CSS funds flow ‘just in time’ from central government and state governments to the beneficiaries. Currently, seven state governments have been onboarded, and other state governments are being onboarded. Reversal of Facilities under LAF IX.51 As per the Statement on Developmental and Regulatory Policies (December 8, 2023), it was proposed to allow reversal of liquidity facilities under both Standing Deposit Facility (SDF) and Marginal Standing Facility (MSF) even during weekends and holidays with effect from December 30, 2023, as simultaneous high utilisation was observed in both MSF and SDF. This measure was expected to facilitate better fund management by the banks. Accordingly, changes were carried out in e-Kuber core banking solution (CBS) for enabling this. Further, the reversal of liquidity facilities availed under Automated Sweep-In and Sweep-Out (ASISO) facility for the transactions over the weekends and holidays were previously carried out on the next working day at Mumbai. Changes were also carried out in e-Kuber to facilitate reversal of these ASISO transactions immediately on next day (regardless of whether holiday or not). Making NEFT Compliant to ISO 20022 Messaging Standards IX.52 The NEFT system at the Reserve Bank has been migrated and made compliant with ISO 20022 messaging standards. The process of onboarding more than 230 member banks on ISO 20022 messaging standards has already started. The migration and onboarding of all the member banks is expected to be completed in early 2024. The adoption of ISO 20022 will provide structured and granular data, improved analytics, end-to-end automation, and better global harmonisation. It will also pave the way for interoperability between RTGS and NEFT. Continuous Upgradation of IT and Cyber Security IX.53 The Department strives to continuously assess and upgrade the IT security infrastructure to enhance its efficiency and effectiveness of tackling the emergent threats and protect its IT infrastructure that caters to critical payment infrastructure. Towards this endeavour, the Department upgraded ‘Security Automation, Threat Analysis and Response Centre (SATARC): Next Generation Security Operation Centre (NGSOC)’ with innovative capabilities and additional advancements like security orchestration, automation and response, user entity behaviour analytics, extended detection and response. IX.54 During the year, the Department further strengthened its security posture by availing the services of an offensive security platform, which is used for proactive defence and automatic continuous fine-tuning of multiple security devices/ software, including policies pertaining to the Reserve Bank’s networks, systems, applications, and endpoints. The platform provides security assessments which simulate real time attack scenarios in a controlled environment to identify the security gaps and enable further fine-tuning of the systems based on the assessment results. Private Cloud Infrastructure Augmentation IX.55 The Department initiated the process of augmentation of its private cloud infrastructure (viz., virtualised compute, memory and storage) to increase the capacity of the existing clusters and replace servers reaching end of support. The added capacity will host next generation core banking solution (CBS) application (e-Kuber 3.0) as well as additional non-payment applications in the pipeline. The Reserve Bank’s private cloud provides additional benefits like centralised management of servers, scalability, and reduction in the overhead costs for application hosting. Centralised Digital Application Receipts and Tracking System IX.56 A secured web-based centralised portal named as PRAVAAH (Platform for Regulatory Application, Validation And AutHorisation) has been developed to simplify and streamline the process of submitting applications seeking licence/authorisation/regulatory approvals from the Reserve Bank under various statutes/ regulations. By end-to-end digitisation of the entire processing lifecycle of applications, it will bring greater efficiencies into regulatory processes and facilitate ease of doing business for the regulated entities (REs). The portal will show time limits for deciding on the applications/approvals sought and real-time status updates shall be provided to the applicant. PRAVAAH has been designed with dynamic form-building capabilities to enable the regulatory departments to easily create/modify the template of online forms as and when required. The filled forms along with relevant documents will flow to Sarthi (the Reserve Bank’s internal electronic workflow application), for internal processing by the concerned departments. Features for seeking additional information from the applicants and replying to the applicant will also be available in the portal obviating the need to send e-mails/letters. Revamping of Video Conference IX.57 The Department has undertaken the SAMWAD (Secure Audio-Video Meetings With Advanced Devices) project under which the existing video conferencing (VC) system installed in the Reserve Bank is being revamped. The project entails a uniform, standardised and state-of-the-art audio-video and VC system across offices of the Reserve Bank. The revamped system provides advanced features such as active speaker tracking functionality, native 4K resolution display units, and capacity augmentation across centralised servers for more concurrent meetings. The implementation of the project is underway. Agenda for 2024-25 IX.58 The Department’s goals for 2024-25 are set out below: • The Reserve Bank has initiated the project to construct a new state-of-the-art greenfield next generation data centre to address the capacity expansion constraints, meet ever-increasing IT landscape needs and avoid region specific risks. The data centre, which is envisaged to cater to the internal needs of the Reserve Bank and its subsidiary organisations, shall commence its operations in 2024-25 (Utkarsh 2.0); • To enhance the security, integrity, and privacy of Indian financial sector data, cloud facility will be set up and initially operated by the IFTAS. This cloud facility is intended to be rolled out in a calibrated fashion in the medium-term (Box IX.2); Box IX.2 Cloud Facility for India’s Financial Sector Indian Financial Technology and Allied Services (IFTAS), a wholly owned subsidiary of the Reserve Bank, has more than eight years of experience in running its own cloud platform and providing various cloud services. This platform was put in place for hosting the projects of IFTAS, the Reserve Bank, and its subsidiaries for SFMS member interface. As Indian banks and financial entities deal with ever increasing volume of data and look at options of various public and private cloud facilities, it becomes imperative for them to carry out a comprehensive business technology risk assessment for the cloud service providers (CSPs) before availing their services. Moreover, issues such as enforceability of agreements and adherence to the global standards, including aspects of storage, integrity, protection, and confidentiality of data have also become relevant. In such a scenario, the Indian Banking Community Cloud (IBCC), as a one stop solution in terms of expertise and counsel of an experienced partner to provide support at every step of the process, will be beneficial to banks/ financial institutions (FIs), especially the smaller ones. Such a cloud will also allay any concerns in respect of jurisdiction and address issues of sovereignty, integrity, protection, and confidentiality of data. Accordingly, the Reserve Bank in its Statement on Developmental and Regulatory Policies (December 8, 2023) announced the setting up of a cloud facility for the financial sector, initially to be operated by IFTAS and later, to be transferred to a separate entity. The proposed cloud platform is expected to be at par in technology with leading public cloud service providers. The cloud platform will provide on-demand scalability with clustered high availability, disaster recovery with high recovery time objective (RTO) and recovery point objective (RPO), while maintaining high degree of security, integrity and privacy of data. Considering that the cloud platform will cater to the Indian financial system, a governance framework will be put in place for regulatory and security compliances. The framework will also define the onboarding requirements. A cloud vertical as an independent focused operating unit will be formed within IFTAS with allocation of various teams, including cloud strategy and governance, cloud architects, tech admin support teams, cloud operations and alerts monitoring teams, security teams, finance and accounting, sales and marketing, legal and contracting teams. The cloud services will be rolled out in a phased manner considering the requirements of the banking and financial sector and will be done with optimal capacity provisioning. Phase 1 of the services offerings: (a) Infrastructure-as-a-service, Platform-as-a-service, Software-as-a-service; (b) Container-as-a-service; (c) Storage-as-a-service; (d) Public Internet Protocol-as-a-service; (e) Disaster Recovery-as-a-service; (f) Antivirus-as-a-service; (g) Load Balance, Web Application Firewall-as-a-service; (h) Backup-as-a-service; and (i) Vulnerability Assessment-as-a-service. Phase 2 of the services offerings: (a) API Management; (b) Application Performance Management; (c) Availability Zone; and (d) Development, Security, and Operations (DevSecOps). It is expected that the IBCC will be able to set up multiple data centres including edge data centres on need basis to provide the whole range of services as expected from a CSP. Source: RBI. | -
The Indian Financial Network (INFINET) is the communication backbone for the Indian banking and financial sector. It is a closed user group (CUG) network for exclusive use of member banks and financial institutions. The INFINET runs the critical payment system applications such as RTGS, NEFT and e-Kuber. INFINET 3.0 seeks to refresh the existing INFINET 2.0 with better technology, bandwidth, and overall services. It is proposed to be built with the latest software-defined wide area network (SD-WAN) technology. The features proposed under SD-WAN include effective load balancing of the links, voice and video traffic optimisation and application aware routing. SD-WAN also provides for centralised management of the network and zero touch provisioning; -
The Reserve Bank, in its bid to take the Indian Rupee (INR) on global platform at greater pace, has conceptualised a solution wherein India’s domestic messaging system SFMS would be extended through a Global SFMS Hub to other countries. The interested countries can connect their local messaging system to Global SFMS Hub for cross-border payment messaging in their local currencies. This may help India in reducing dependence on other major trading currencies and may help in foreign exchange management; and - To support the ‘AatmaNirbhar Bharat’ initiative of the country, the Department plans to develop the following applications in-house to reduce external dependencies (including vendors), besides providing increased flexibility in terms of carrying out changes in the system by providing full control over the source codes:
o Development of e-Kuber 3.0 application by Reserve Bank Information Technology Private Ltd. (ReBIT), RBI’s wholly owned subsidiary. The development of the core accounting platform along with government payment module (GPx) is in progress. o Developing an alternate messaging system framework to support domestic as well cross-border financial and non-financial message communication. It would be based on globally accepted ISO 20022 messaging standards with functionalities like cross-border solution, and letter of credit/bank guarantee (LC/BG) message. o Develop an alternate mechanism for digital payment systems, which would offer all the functionalities currently being offered by existing CPS along with other advanced functionalities. The system would support retail and high value payment services, bulk message support and low value fast payment services. It would provide options like thick client and open API solution to connect to CPS. It is also proposed to offer this in-house developed comprehensive system to other countries as well. 4. CONCLUSION IX.59 The Reserve Bank continued its efforts to develop state-of-the-art payment and settlement systems in the country through launch of several initiatives during the year in line with Payments Vision Document 2025 across anchor goalposts of integrity, inclusion, innovation and internationalisation. During the year, possibilities were also explored for increasing the global footprints of UPI and RuPay. Besides, enhancements in e-Kuber and payment systems, a revamp of major internal applications of the Reserve Bank was also undertaken. Best practices in cyber hygiene have been adopted to ensure the security of the Reserve Bank’s IT infrastructure. The initiative towards setting-up of a cloud facility has commenced to enhance security, integrity, and privacy of Indian financial sector. Going forward, a state-of-the-art greenfield next generation data centre would be operationalised to address the capacity expansion constraints, meet ever-increasing IT landscape needs and avoid region specific risks.
Index |